Alerts from SecurityFocus Newsletter #337

Summarized by Daniel Convissor

While it's good to see SecurityFocus' systems are back in order, it unfortunately means we'll be reporting on lots of vulnerabilities in PHP apps...

APPLICATIONS USING PHP

• LinPHA Multiple Local File Inclusion and PHP Code Injection Vulnerabilities
• Multiple HiveMail Vulnerabilities
• PHP Event Calendar HTML Injection Vulnerability
• Multiple Scriptme Applications BBCode URL Tag Script Injection Vulnerability
• Scriptme SmE GB Host Login.PHP SQL Injection Vulnerability
• FarsiNews Directory Traversal and Local File Include Vulnerabilities
• GuestBookHost Multiple SQL Injection Vulnerabilities
• CPG Dragonfly CMS Remote Command Execution Vulnerability
• RunCMS Remote Code Execution Vulnerability
• QwikiWiki Search.PHP Cross-Site Scripting Vulnerability
• CALimba RB_auth.PHP Multiple SQL Injection Vulnerabilities
• Time Tracking Software Multiple Input Validation Vulnerabilities
• MyBBoard Multiple Input Validation Vulnerabilities
• Dotproject Multiple Remote File Include Vulnerabilities
• Horde Kronolith Multiple HTML Injection Vulnerabilities
• Gallery Data Unspecified Code Execution Vulnerability
• PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities
• Flyspray ADODBPath Remote File Include Vulnerability
• E107 Website System BBCode HTML Injection Vulnerability
• Gastebuch Cross-Site Scripting Vulnerability
• Invision Power Board User Registration Denial of Service Vulnerability
• RunCMS PMLite.PHP SQL Injection Vulnerability
• sNews Multiple Input Validation Vulnerabilities
• Magic Calendar Lite Index.PHP Multiple SQL Injection Vulnerabilities
• DeltaScripts PHP Classifieds Member_Login.PHP SQL Injection Vulnerability
• PHPNuke Header.PHP Pagetitle Parameter Cross-Site Scripting Vulnerability
• IPB Army System Army.PHP SQL Injection Vulnerability
• Clever Copy Multiple HTML Injection Vulnerabilities
• Ansilove Multiple Input Validation Vulnerabilities
• DocMGR Process.PHP Remote File Include Vulnerability
• XMB Forum Multiple Input Validation Vulnerabilities
• Lawrence Osiris DB_eSession Class SQL Injection Vulnerability
• Siteframe Beaumont Search.PHP Q Parameter Cross-Site Scripting Vulnerability
• ImageVue Multiple Vulnerabilities

RELATED STUFF

• LibPNG Graphics Library PNG_Set_Strip_Alpha Buffer Overflow Vulnerability
• ImageMagick File Name Handling Remote Format String Vulnerability
• PostgreSQL Set Session Authorization Denial of Service Vulnerability
• PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability